Md Rasel Bhuyan

@sheikhrishad0 @Hacker0x01 @amazon Congrats❤️

H1-213/My First Ever Live Hacking Event It was fun to hack Amazon, Thanks @Hacker0x01 & @Amazon :) #h1213 #hackforgood #togetherwehitharder

@Samm0uda as usual awesome finding

More secure Facebook Canvas Part 2: $100k worth of Account Takeovers: ysamm.com/?p=742 As usual, simple but critical.

@KN0X55 Awesome Tool

*** 2nd #KNOXSS GIVEAWAY! *** Like and RT this TWEET to have a chance to win: * 1 KNOXSS Pro Subscription 3-month There will be 5 winners! 😍 Results of this DRAW will be announced in 72hs. Good luck! 😎

@orange_8361 Awesome😍

It looks like Microsoft finally fixed all my Exchange vulnerabilities (including Pwn2Own bugs) ! Here is a small spoiler - You can't imagine how amazing it is when I found Exchange still suffered from Padding Oracle Attack 😻 - #proxylogon-is-just-the-tip-of-the-iceberg-a-new-attack-surface-on-microsoft-exchange-server-23442" target="_blank" rel="nofollow noopener">blackhat.com/us-21/briefing… #BHUSA #DEFCON

@s3c_krd Congratulations

@orange_8361 Congratulations ❤️

Yay, my talk is accepted by Black Hat USA! "... 7 vulnerabilities that consist of server-side, client-side, and crypto bugs were found via this attack surface and chained into 3 different attack scenarios: ProxyLogon, ProxyShell and ProxyOracle!" #proxylogon-is-just-the-tip-of-the-iceberg-a-new-attack-surface-on-microsoft-exchange-server-23442" target="_blank" rel="nofollow noopener">blackhat.com/us-21/briefing… #BHUSA

@Samm0uda Go ahead man

Account takeover of Instagram accounts due to unrestricted permissions of third-party application's generated tokens ( $18K ) : ysamm.com/?p=684

@Samm0uda Awesome man❤

Here's the third bug. Multiple bugs were chained to achieve Facebook account takeover. Facebook account takeover due to unsafe redirects after the OAuth flow ( $30k ) ysamm.com/?p=667

@Rayhan0x01 Joss hoise vai😍❤❤

Just like OSCP, my OSWE has also been a fast-paced journey of only 30 days and passing it on the 1st attempt! Sharing my #OSWE experience in a few words and some tips and pointers for someone willing to take on the course: rayhan0x01.github.io/web/2021/04/12…

@Rayhan0x01 @offsectraining Congo vai❤

I am ecstatic to share that I passed the #OSWE exam on my 1st attempt! The 48h long exam was the most thrilling exam I went through so far. Loved the course contents and especially the extra lab machines were super fun! Thanks for such a neat course @offsectraining #ITriedHarder

@RoxyhunkPush Sorry private programme brother

I was awarded 100$+750$ = 850$ #BugBounty #TogetherWeHitHarder

@tasdir_x 😑😑😑😑

@Mdrasel1230 Oree showoff ree 🥺.. Koitaa follower barlo?

@SMHTahsin33 K jeno 600$ paisilo 😴🙄

@Mdrasel1230 Congrstulations and Treat 🍔?😬

@sa1tama0 You leet joke kortasen amar sathe😒

@Mdrasel1230 আমাদেরও কিছু টিপস্ দেন।

@remonsec Hahaha inbox e guess bole jaw

@Mdrasel1230 ProBro 🔥 Program ta chena chena lagche 🙄

@a1woareS Thank you vai

@sa1tama0 Thank you vai

@missoum1307 @GoogleVRP Congrats

@_Base_64 @Hacker0x01 Congrats

Just got my first $10k bounty on @Hacker0x01. Bug: The site was trying to add document from AWS bucket to the main site with POST request,it contains Param named KEY with URL path as value. I tried directory traversal on that param,and it dislcose full bucket with credentials.